Veritas Advanced Supervision Audit Viewer displays a warning stating the audit feature is not configured yet

book

Article ID: 100058946

calendar_today

Updated On:

Description

Error Message

Message in the Audit Viewer widget:

The audit feature is not configured yet. Audit-specific settings will be available after the feature is configured.

Event Log Error entry:

Log Name: Veritas Enterprise Vault Source: Accelerator Service Processor Event ID: 597 Task Category: None Level: Error Description: APP AT - Customer ID: X - Error configuring customer: 1 tenant: 1 with audit server: https://:448 . Error details :One or more errors occurred.

DTrace of AcceleratorService64 may show the following (formatted with line breaks for easier reading):

EV-H {-} {MiscatAuditServerRestApiClient} {CX} Failed to Complete api request - POST https://:448/api/AuditConfiguration, header ClientID which ends with - eb13_Tenant_1, ex - System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. | at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) | at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) | --- End of inner exception stack trace --- | at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)|

Cause

After a successful installation of Enhanced Auditing on a server that is not the CA server, the installer creates a self-signed certificate named AuditAppCert. This certiificate must be exported from the Enhanced Auditing server and manually installed on the CA server's Trusted Certificate store as per the CA Installation Guide (see Related Articles below).

If an IP Address is specified in the Audit Server uniform resource location (URL), the SSL connection may fail since the default certificate (AuditAppCert) uses the NetBIOS name or fully qualified domain name (FQDN) of the Enhanced Auditon server in the certificate's Subject Alternate Name (SAN) and does not have the IP Address listed in the SAN.

Resolution

Ensure that the Enhanced Auditing server's fully qualified domain name (FQDN) is used instead of its IP Address when installing Enhanced Auditing.

The remediation steps are:

- Copy the MSI file of the Enhanced Auditing installer to a local drive on the Enhanced Auditing server. Re-run the Audit Server installation and select the option to Modify the existing installation. Then specify the correct FQDN of the Audit Server's server when configuring Audit Server URL. The installer can take an extended time to complete - this is normal.

- Use Certificate Manager on the Enhanced Auditing server to export the AuditAppCert (Friendly Name) from the Local Computer's Trusted Root Certification Authorities Certificates and import it into the same location on the CA server.

- In the CA Configuration Settings, enter the correct FQDN of the Audit Server in the Audit Server URL.

Note: The CA Installation Guide has more information on the above steps in the section titled Installing and configuring the Enhanced Auditing feature. See the Related Articles for the applicable guide.

Issue/Introduction

Accessing the Audit Viewer widget of Enterprise Vault (EV) Veritas Advanced Supervision (VAS) lists a message stating the feature has not been configured. The EV Event Logs on the Compliance Accelerator (CA) server may also list Error Event ID 597.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"